ekoparty Security Conference, 10th edition

Juliano Rizzo (Independent researcher)

BEAST: Surprising crypto attack against HTTPS

We present a new fast block-wise chosen-plaintext attack against SSL/TLS. We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests. Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing.

About Juliano Rizzo

Juliano Rizzo has been involved in computer security since 1996. For more than a decade he has been working on vulnerability research, reverse engineering and development of high-quality exploits. As a researcher he has published various security advisories, papers and proof-of-concept tools. He is one of the founders and designers of Netifera, an open source platform for network security tools. He worked as a security consultant and exploit developer for Core Security Technologies (2000-2006).